aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,169 Commits
7 Branches
155 Tags
200 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c06dfe6e26'
${ noResults }
Commit Graph

6169 Commits (c06dfe6e26e16b0c8e3d4965b5a0ddafc2553174)
 

Author SHA1 Message Date
Eric Leblond 2ecab3f765 decode-mime: fix body md5 computation 
Previous code was wrongly supposing the lines are ending with CRLF.
But this is not the case so we must propagate the length of end of
line delimiter to be able to compute the md5 of the mail body.
 10 years ago
Eric Leblond 53419b93c8 util-decode-mime: fix some unittests 
Unittests were failling when ASAN is activated because it was
finding some read outside of bounds. This patch fixes the different
reported issues.
 10 years ago
Eric Leblond dbb3e1976e util-decode-mime: fix IsIpv6Host function 
Using in6_addr is better when calling inet_pton. This fixes an
issue reported by ASAN.
 10 years ago
Eric Leblond 38750f1313 smtp-layer: remove FIXME and del excessive newline 10 years ago
Eric Leblond 6f04988ba1 output-json: add tx_id to events 
This patch updates alert, stmp and http JSON logging to have a
tx_id in the root of the JSON log message.
 10 years ago
Eric Leblond 113d6a3950 output-json: add create header with tx function 
To be able to correlate between events, it is better to have the
tx_id information in the root object. This function adds a new
function to automate the addition of the field.
 10 years ago
Eric Leblond 96412e8921 json-email: JsonEmailAddMetadata update 
Add tx_id to the list of params to be in sync with recent changes.
 10 years ago
Eric Leblond bf6b0145e2 json-http: gen metadata function with tx_id param 10 years ago
Eric Leblond d9b602fc0f json-smtp: add tx_id param to metadata generation 
In all metadata generation contexts we know the tx_id so we better
used it to log the correct transaction and not an other one.
 10 years ago
Eric Leblond 0ef0f1d526 json-smtp: change copyright date 10 years ago
Eric Leblond f03a7a032f json-alert: add smtp elements in alert 10 years ago
Eric Leblond 77a5273cde json-smtp: fix a debug message 10 years ago
Eric Leblond 946f2a6acc email-json: add bcc to extended fields 10 years ago
Eric Leblond fbd6428f1b smtp-layer: add MAIL FROM parsing test in unittest 10 years ago
Eric Leblond 534360fc02 smtp-layer: add HELO parsing test in unittest 10 years ago
Eric Leblond 8fd88f543d yaml: add comment describing smtp extended 10 years ago
Eric Leblond f81f353d1f email-json: add 'date' field extraction 10 years ago
Eric Leblond 6f033747ec util-decode-mime: add unittests for field fetching 10 years ago
Eric Leblond 17edff6c5e unittests: finally register MIME tests 10 years ago
Eric Leblond 6e0668125c email-json: improve log message 10 years ago
Eric Leblond dad1f85edb email-json: add author 
Add myself as author and change the copyright date.
 10 years ago
Eric Leblond d1b0a5aa6d yaml: document new MIME features 10 years ago
Eric Leblond caa8982b43 email-json: add some fields 
This patch adds some fields to the list of extracted fields.
 10 years ago
Eric Leblond ca52fa91dd email-json: body md5 logging is optional 10 years ago
Eric Leblond a719ea3c92 email-json: add capa to display subject md5 
To be able to identify mails with identical subjects without
using the subject itself as a key, it is possible to use the md5
hash of the subjet string. This allows to limit the privacy impact.
 10 years ago
Eric Leblond 881aa3efce email-json: don't log subject by default 
It seems to be a bit too intrusive for the privacy so this patch
adds this field to the extended logging only.
 10 years ago
Eric Leblond 7bb38f7c30 decode-mime: fix typo in comment 10 years ago
Eric Leblond 431dc155aa email-json: delete white space from "from" 
The From field is handled separatly and it could also starts by
white spaces.
 10 years ago
Eric Leblond abcaf46193 email-json: delete leading white spaces 
Some mail clients are using tabulation and/or space for comma
separated list. This patch removes them so the event will contain
only significative characters.
 10 years ago
Eric Leblond 4c0f8803e7 email-json: factorize the code 10 years ago
Eric Leblond a7ef0c05ba email-json: add LOG_EMAIL_COMMA type 
extract these data types by treating them as a comma separated list.
 10 years ago
Eric Leblond 3456ec467f email-json: add custom fields support 
This patch adds a way to specify which MIME fields to log via
the custom keyword in the EVE configuration. it also adds an
extended logging where some fields are added. The logging support
mono value fields as well as multivalue fields via the use of
JSON array.
 10 years ago
Eric Leblond 714c30a127 decode-mime: introduce MimeDecFindFieldsForEach 
This patch introduces a new function that can be used to handle
multivalued MIME fields. A callback function can be called for
each corresponding field value.
 10 years ago
Eric Leblond 54038f5691 file-json: log 'email' information 
Log information coming from email/MIME decoding in the message.
 10 years ago
Eric Leblond ab941305d5 email-json: add function to export data 10 years ago
Eric Leblond 77119a3186 file-json: output smtp proto info 10 years ago
Eric Leblond 47a199ee97 smtp-json: introduce function to output smtp data 10 years ago
Eric Leblond 94dbd303e4 file-json: log http data using common function 10 years ago
Eric Leblond 4ef12dcf5d alert-json: use new JsonHttpAddMetadata function 
This patch uses the newly introduced function to handle the logging
of HTTP data.
 10 years ago
Eric Leblond bccabe3813 http-json: introduce JsonHttpAddMetadata function 
This function will be usable in other logging components to add
the http data to their messages.
 10 years ago
Eric Leblond d7e13c2c03 email-json: output MIME parsing status 
If the status is not PARSE_DONE then in that case we may have
imcomplete information. Increasing the stream reassemly depth
in that case would be a good idea.
 10 years ago
Eric Leblond a233a982ea decode-mime: add function to get status 
This new function return the textual status of MIME parsing.
 10 years ago
Eric Leblond 9900558428 smtp: add 'body-md5' mime option 
This option will allow the user to select weither or not he wants
to journalize the md5 of the mail body.
 10 years ago
Eric Leblond ea311c1594 email-json: export md5sum of body 
The body_md5 has been added and contain the value of the md5sum
of the body.

This patch is using the state PARSE_DONE on the MIME state to
detect when a message has been completely parsed.
 10 years ago
Eric Leblond d39009ca58 decode-mime: compute body md5 
This patch is computing the md5 sum of the body of the MIME message.
This will allow to detect messages with same content and sent to
different people.
 10 years ago
Eric Leblond e43eb76abd app-layer-stmp: simplify code 
Delete a only used once goto to a point where we only do a return.
 10 years ago
Eric Leblond 0f3979cc81 output-json-smtp: output RCPT TO fields 
This patch uses an array to output the RCPT TO fields to the
JSON message.
 10 years ago
Eric Leblond 752fdba957 app-layer-smtp: parse and extract RCPT TO fields 
Add the RCPT TO fields to a linked list stored in the transaction.
 10 years ago
Eric Leblond 2abae3f0a1 smtp-json: update SMTP EVE messages 
This patch updates SMTP message to have them feature a 'smtp'
section which will contain all fields coming from the smtp
protocol.
 10 years ago
Eric Leblond 7bca8268bc app-layer-smtp: extract and store HELO and MAIL FROM 
This patch updates the SMTP transaction and SMTP state to be able
to contain the HELO and MAIL FROM fields.
 10 years ago